
Bandit Level 13-14@overthewire.org

Description

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.

Current level credentials

Key Value
Server-name: bandit.labs.overthewire.org
Port: 2220
User: bandit13
Password: wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw

Current level login

Log in

sshpass -p wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw ssh -p 2220 bandit13@bandit.labs.overthewire.org
Note: You might need to install sshpass before using it. The ssh command can also be used on its own. If so, copy-paste the password when requested.

Hints And Solution

Hint(s)

Learn how to use a private key with ssh. To connect to the host, you will need to use a private ssh key.

Solution
bandit13@bandit:~$ ls -Al  
total 16  
-rw-r--r-- 1 root     root      220 May 15  2017 .bash_logout  
-rw-r--r-- 1 root     root     3526 May 15  2017 .bashrc  
-rw-r--r-- 1 root     root      675 May 15  2017 .profile  
-rw-r----- 1 bandit14 bandit13 1679 May  7  2020 sshkey.private

bandit13@bandit:~$ ssh -i sshkey.private -p 2220 bandit14@localhost # (1)
...
SNIP
...
bandit14@bandit:~$ cat /etc/bandit_pass/bandit14  # (2)
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
  1. Use the -i flag to specify the private key
  2. cat out the password. All passwords are located in the /etc/bandit_pass directory

ls -Al reveals the file sshkey.private. The file name indicates that it is a private SSH key. If we have a private SSH key, we can log in anywhere that has the corresponding public key in the authorized_keys file. To select the private key and connect to the server, add the -i flag to the ssh command. According to the description, the password for the user bandit14 is stored in /etc/bandit_pass/bandit14. cat returns the contents of the file, which is the password.
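
The login works because the account's authorized_keys file lists the public half of the key. As an added example (not part of the original walkthrough), the following parses authorized_keys lines, including an optional quoted options field, and computes the SHA256 fingerprint that `ssh-keygen -l` and sshd's "Accepted publickey" log lines show, so an administrator can see which keys grant access. The sample entries, comments and key bytes are constructed.

```python
import base64
import hashlib
import struct

def split_fields(line):
    """Split on whitespace, except inside double-quoted option values."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + ([cur] if cur else [])

def fingerprint(blob):
    """SHA256 fingerprint in the format shown by `ssh-keygen -l` and sshd logs."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entry(line):
    """Parse one authorized_keys line; None for blank lines and comments."""
    fields = split_fields(line.strip())
    if not fields or fields[0].startswith("#"):
        return None
    # An entry may start with an options field before the key type.
    options = "" if fields[0].startswith(("ssh-", "ecdsa-", "sk-")) else fields.pop(0)
    if len(fields) < 2:
        raise ValueError("malformed entry")
    keytype, blob = fields[0], base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("declared key type does not match key blob")
    return {"options": options, "type": keytype,
            "fingerprint": fingerprint(blob), "comment": " ".join(fields[2:])}

def audit(lines):
    """Return the parsed key entries, skipping blanks and comments."""
    return [e for e in map(parse_entry, lines) if e]

# Constructed sample: 32 filler bytes in ed25519 wire format, not a real key.
NAME, KEY = b"ssh-ed25519", bytes(range(32))
SAMPLE_B64 = base64.b64encode(
    struct.pack(">I", len(NAME)) + NAME + struct.pack(">I", len(KEY)) + KEY).decode()
SAMPLE = ["# constructed authorized_keys content",
          f"ssh-ed25519 {SAMPLE_B64} bandit13-key",
          f'from="127.0.0.1",command="echo hi" ssh-ed25519 {SAMPLE_B64} restricted key']
```

Calling `audit(SAMPLE)` returns one dictionary per key entry; an empty `options` value marks a key that can log in without restrictions.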

Resources


Bandit-level14@overthewire
SSH/OpenSSH/Keys ssh @linux.die.net
About creating and using identity keys for key based ssh login @iu.edu

Comments

Any feedback and suggestions are welcome. This website was created using mkdocs and the material plugin. If you want, you can make a pull request. The repository is https://github.com/dabonzo/itsec_hp